The physicist Richard Feynman worked on the atomic bomb project at Los Alamos in the 1940s. This was the biggest, most secretive project in the country, and security measures were — at least theoretically — very tight.[1] Scientists were issued safes in which to keep their confidential papers. However, Feynman's restless drive to tinker and to work on interesting problems led him to ponder the puzzle of how to crack these safes.

Turns out that cracking a safe has some things in common with hacking someone's bank account in our present day: while the problem is theoretically hard, it helps tremendously to have some insight into human nature. Safes have some additional weaknesses by virtue of being mechanical devices. On the other hand, they don't pose the problem we have today of trying to remember dozens of passwords.

In any event, the passage below (sorry about the length) is from James Gleick's Genius: The Life and Times of Richard Feynman and says something about the nature of security when you've got those darn humans involved. (This is edited slightly for length.)

Locks mixed human logic and mechanical logic. The designer's strategy was constrained by the manufacturer's convenience or the limits of metal, as it was in so many of the bomb project's puzzles. The official logic of a Los Alamos safe, as displayed in the dial's numbers and hatch marks, indicated a million different combinations — three numbers from 0 to 99. Some experimentation, though, showed Feynman that the markings disguised a considerable margin of error, plus or minus two, attributable to plain mechanical slackness; if the correct number was 23, anything from 21 to 25 would work as well. When he was searching combinations systematically, therefore, he needed only to try one number in every five — 0, 5, 10, 15 ... — to be sure of hitting the target. By thinking in terms of error ranges, instead of accepting the authority of the numerals on the dial, he brought a pragmatic physicist's intuition to bear. That one insight effectively reduced the total combinations from one million to a mere eight thousand, almost few enough to try, given a few hours.

An American folklore had developed about safes and the yeggs who cracked them. [...] The consummate safeman was thought to need sandpapered fingers and hypersensitive ears. This was pure myth. To learn to crack safes, [Feynman] had to find his way past the same myth. Only gradually, as he looked for nuggets of useful information, did he realize how mundane the business really was.

Because his repertoire would have to omit drills and nitroglycerin, it would have to make the most of such practical rules as he could find. Some he read; others he learned as he went along. Most were variations on a theme: People are predictable. They tend to leave safes unlocked. They tend to leave their combinations at factory settings such as 25-0-25. They tend to write down the combinations, often on the edge of their desk drawers. They tend to choose birthdays and other easily remembered numbers.

This last insight alone made an enormous difference. Of the 8,000 effective possible combinations, Feynman figured that only 162 worked as dates. The first number was a month from 1 to 12 — given the margin of error, that meant he need try just three possibilities, 0, 5, and 10. For a day from 1 to 31 he needed six; for a year from 1900 to the present, just nine. He could try 3 x 6 x 9 combinations in minutes.

He also discovered that it took just a few inexplicable successes to make a safecracker's reputation. By fiddling with his own safe he learned that when a door was open he could find the last number of a combination by turning the dial and feeling when the bolt came down. Given some time, he could find the second number that way, too. He made a habit of absently leaning against his colleagues' safes when he visited their offices, twirling the dials like the perpetual fidgeter he was, and thus built up a master list of partial combinations.

This is actually my favorite part:

The remaining trial and error was so trivial that he found himself — for the sake of cultivating his legend — carrying tools as a red herring and pretending that safe jobs took longer than they really did.

[1] Although the project was run by the military, it involved a great many civilians who had little experience with this level of security. (For some scientists, just the opposite — they were conditioned to share information.) It must have been quite a challenge, and in the end, of course, it was only partly successful: we now know, for example, that Klaus Fuchs was leaking information to the Russians.